The plugin does not have a CSRF check in place and does not ensure that the post to be deleted belongs to the plugin, allowing attackers to make a logged-in admin delete arbitrary posts from the blog.
CPE

Name | Operator | Version |
---|---|---|
easy-paypal-donation | lt | 1.3.4 |
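
A delete handler that performs both checks the description says are missing, as an added example that is not the plugin's own code. The post type `example_donation_button`, the action name `example_delete_button`, the `manage_options` capability requirement, the redirect page slug and all `example_*` function names are hypothetical; only the WordPress core functions are real.

```php
<?php
// Added illustration, not taken from the plugin. All example_* names are hypothetical.
const EXAMPLE_POST_TYPE = 'example_donation_button'; // assumed custom post type owned by the plugin

// Build the delete link shown in the admin list. The nonce is bound to the
// action and to the specific post ID, so it cannot be replayed for another post.
function example_delete_url( int $post_id ): string {
    $url = add_query_arg(
        array( 'action' => 'example_delete_button', 'post_id' => $post_id ),
        admin_url( 'admin-post.php' )
    );
    return wp_nonce_url( $url, 'example_delete_button_' . $post_id );
}

function example_handle_delete(): void {
    $post_id = isset( $_GET['post_id'] ) ? absint( $_GET['post_id'] ) : 0;

    // 1. CSRF check: dies unless the request carries a valid nonce for this
    //    post. A cross-site request sent from an admin's browser cannot supply it.
    check_admin_referer( 'example_delete_button_' . $post_id );

    // 2. Capability check: a nonce proves intent, not privilege.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // 3. Ownership check: only delete posts of the plugin's own post type,
    //    so the handler cannot be pointed at arbitrary blog posts or pages.
    if ( 0 === $post_id || EXAMPLE_POST_TYPE !== get_post_type( $post_id ) ) {
        wp_die( 'Invalid item.', '', array( 'response' => 400 ) );
    }

    wp_delete_post( $post_id, true );
    wp_safe_redirect( admin_url( 'admin.php?page=example_buttons' ) ); // hypothetical page slug
    exit;
}
add_action( 'admin_post_example_delete_button', 'example_handle_delete' );
```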